navigation hint

Source: phf.txt





You are here: Home Output Source: phf.txt 

#!/usr/bin/perl -Tw

# phf buster
# They want a passwd file to crack?  Let's give them one.
# Copyleft 1997 Jason Costomiris (whois:JC1011).
# Rights?  You had rights?  When I was a kid......

require 5.003;
use strict;
srand;

# Run to the nearest CPAN, and get Tie::IxHash!

my %lusers = undef;

use Tie::IxHash;
tie %lusers, 'Tie::IxHash', ( duh => 'Why',
        hank => 'are',
        bill => 'you',
        dweeb => 'wasting',
        dreck => 'your',
        operator => 'time',
        smack => 'luser',
        harvey => 'Only',
        dork => 'a',
        adm => 'dork',
        lart => 'would',
        daemon => 'try',
        hillary => 'holes',
        dale => 'that',
        slappy => 'have',
    bin => 'been',
        beavis => 'known',
        lp => 'for',
        bubba => 'over',
        news => 'two',
        uucp => 'years');


my @shells = ('/bin/sh','/bin/csh','/usr/bin/ksh',
              '/usr/local/bin/tcsh','/usr/local/bin/bash');

use CGI;
my $query = new CGI;

my $qs = $query->query_string;

if ( $qs =~ /id/i ) {
    print $query->header('text/plain');
    print "uid=65534(nobody) gid=65535 groups=65535\n";
    print "Did you really think httpd would be running as root?  Come on.\n";
} elsif ( $qs =~ /passwd/i ) {
    print $query->header('text/plain');
    my $rootpw = &crypt_it('root','dork');
    print "root:$rootpw:0:0:SuperLuser:/:/bin/sh\n";
    my $uid = 5;
    my $gid = 100;
    my $luser;
    foreach $luser (keys %lusers) {
        my $line = join(':', $luser, &crypt_it($luser, $lusers{$luser}), 
                             $uid, $gid, $luser, '/home/' . $luser, 
                             $shells[rand($#shells)]);
        print "$line\n";
        $uid++;
    }
} elsif ( $qs =~ /uname/i ) {
    print $query->header('text/plain');
    print "Timex wart 17.6.8pl97.2 #1 Thu Feb 18 11:19:54 EST 1997 Sinclair Ultra\n";
} else {
    print $query->header('text/plain');
    print "We don\'t run phf here.  Go away.\n";
}

# Thank you Dave Pirmann..  Rather than spend the time to write this 
# myself, I lifted this sub() out of your adduser script...
# Dave's a swell guy, send him an email... whois:DCP3 
sub crypt_it {
  my($user, $pass)=@_;
  my($nsalt,$week,$now,$pert1,$pert2,@salt_set);
  @salt_set=('a'..'z','A'..'Z','0'..'9','.','/');
  $now=time;
  ($pert1,$pert2) = unpack("C2",$user);
  $week = $now / (60*60*24*7) + $pert1 + $pert2;
  $nsalt = $salt_set[$week % 64] . $salt_set[$now %64];
  return crypt($pass,$nsalt);
}
Feel the urge? talk back.
Trouble seeing images on this site? Learn why.
© 1993 - 2002 Jason Costomiris, except where otherwise noted. All Rights Reserved.
My opinions are just that - my opinions, and not necessarily those of you, the guy down the street, or the company I work for.